CC'ing MAINTAINER, any comments?

On 2022/03/28 23:54, Brad Smith wrote:
> On Thu, Mar 17, 2022 at 01:40:12AM -0400, Brad Smith wrote:
> > Here is an update to libsndfile 1.1.0beta2, plus two other fixes since the 
> > release.
> > 
> > There are more security related bug fixes that have gone in between 1.0.31
> > and 1.1.0. I usually don't push beta releases but their release cycle is super
> > slow due to lack of man power, but I think an update to this release is worth
> > it for the rollup of security fixes.
> > 
> > 
> > ### Added
> > 
> > * MPEG Encode/Decode Support.
> > 
> >   Uses libmpg123 for decode, liblame for encode. Encoding and decoding support
> >   is independent of each other and is split into separate files. MPEG support
> >   is generalized as subformats, `SF_FORMAT_MPEG_LAYER`(I,II,III) so that it
> >   might be used by other containers (`MPEG1WAVEFORMAT` for example), but also
> >   contains a major format `SF_FORMAT_MPEG` for 'mp3 files.'
> > 
> >   Encoding Status:
> >   * Layer III encoding
> >   * ID3v1 writing
> >   * ID3v2 writing
> >   * Lame/Xing Tag writing
> >   * Bitrate selection command
> >   * VBR or CBR
> >   
> >   Decoding Status:
> >   * Layers I/II/III decoding
> >   * ID3v1 reading
> >   * ID3v2 reading
> >   * Seeking
> > * New fuzzer for OSS-Fuzz, thanks @DavidKorczynski.
> > * This `CHANGELOG.md`. All notable changes to this project will be documented in
> >   this file. The old `NEWS` file has been renamed to `NEWS.OLD` and is no longer
> >   updated.
> > * Add support for decoding MPEG III Audio in WAV files.
> > * `SECURITY.md` file to give people instructions for reporting security
> >   vulnerabilities, thanks @zidingz.
> > * Support for [Vcpkg manifest mode](https://vcpkg.readthedocs.io/en/latest/users/manifests/).
> > 
> >   If you have problems with manifest mode, disable it with `VCPKG_MANIFEST_MODE`
> >   switch.
> > 
> > ### Changed
> > 
> > * `SFC_SET_DITHER_ON_READ` and `SFC_SET_DITHER_ON_WRITE` enums comments in
> >   public header, thanks @SmiVan (issue #677).
> > * `ENABLE_SNDFILE_WINDOWS_PROTOTYPES` define is deprecated and not needed
> >   anymore.
> > 
> >   Previously, in order for the [`sf_wchar_open`()](http://libsndfile.github.io/libsndfile/api.html#open)
> >   function to become available on the Windows platform, it was required to
> >   perform certain actions:
> > 
> >   ```c
> >   #include <windows.h>
> >   #define ENABLE_SNDFILE_WINDOWS_PROTOTYPES 1
> >   #include <sndfile.h>
> >   ```
> > 
> >   These steps are no longer required and the `sf_wchar_open`() function is
> >   always available on the Windows platform.
> > * Use UTF-8 as internal path encoding on Windows platform.
> > 
> >   This is an internal change to unify and simplify the handling of file paths.
> > 
> >   On the Windows platform, the file path is always converted to UTF-8 and
> >   converted to UTF-16 only for calls to WinAPI functions.
> > 
> >   The behavior of the functions for opening files on other platforms does not
> >   change.
> > * Switch to .xz over .bz2 for release tarballs.
> > * Disable static builds using Autotools by default. If you want static
> >   libraries, pass --enable-static to ./configure
> > 
> > ### Fixed
> > 
> > * Typo in `docs/index.md`.
> > * Typo in `programs/sndfile-convert.c`, thanks @fjl.
> > * Memory leak in `caf_read_header`(), credit to OSS-Fuzz
> >   ([issue 30375](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30375)).
> > * Stack overflow in `guess_file_type`(), thanks @bobsayshilol, credit to
> >   OSS-Fuzz ([issue 29339](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29339)).
> > * Abort in fuzzer, thanks @bobsayshilol, credit to OSS-Fuzz
> >   ([issue 26257](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26257)).
> > * Infinite loop in `svx_read_header`(), thanks @bobsayshilol, credit to OSS-Fuzz
> >   ([issue 25442](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25442)).
> > * GCC and Clang pedantic warnings, thanks @bobsayshilol.
> > * Normalisation issue when scaling floating point data to `int` in
> >   `replace_read_f2i`(), thanks @bobsayshilol, (issue #702).
> > * Missing samples when doing a partial read of Ogg file from index till the end
> >   of file, thanks @arthurt (issue #643).
> > * sndfile-salvage: Handle files > 4 GB on Windows OS
> > * Undefined shift in `dyn_get_32bit`(), credit to OSS-Fuzz
> >   ([issue 27366](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27366)).
> > * Integer overflow in `nms_adpcm_update`(), credit to OSS-Fuzz
> >   ([issue 25522](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25522)).
> > * Integer overflow in `psf_log_printf`(), credit to OSS-Fuzz
> >   ([issue 28441](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28441)),
> >   ([issue 25624](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25624)).
> > * ABI version incompatibility between Autotools and CMake build on Apple
> >   platforms.
> > 
> >   Now ABI must be compatible with Autotools builds. Note that this change
> >   requires CMake >= 3.17 for building dylib on Apple platforms.
> > 
> > * Fix build with Autotools + MinGW toolchain on Windows platform.
> > 
> >   See https://github.com/msys2/MINGW-packages/issues/5803 for details.
> > 
> > ### Security
> > 
> > * Heap buffer overflow in `wavlike_ima_decode_block`(), thanks @bobsayshilol,
> >   credit to OSS-Fuzz ([issue 25530](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25530)).
> > * Heap buffer overflow in `msadpcm_decode_block`(), thanks @bobsayshilol,
> >   credit to OSS-Fuzz ([issue 26803](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803)).
> > * Heap buffer overflow in `psf_binheader_readf`(), thanks @bobsayshilol,
> >   credit to OSS-Fuzz ([issue 26026](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26026)).
> > * Index out of bounds in `psf_nms_adpcm_decode_block`(), credit to OSS-Fuzz
> >   ([issue 25561](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25561)).
> > * Heap buffer overflow in `flac_buffer_copy`(), thanks @yuawn, @bobsayshilol.
> > * Heap buffer overflow in `copyPredictorTo24`(), thanks @bobsayshilol,
> >   credit to OSS-Fuzz ([issue 27503](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27503)).
> > * Uninitialized variable in `psf_binheader_readf`(), thanks @shao-hua-li,
> >   credit to OSS-Fuzz ([issue 25364](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25364)).
> 
> And a final release was made a few days after I posted this with one small
> commit for compiler warnings flag handling.
> 

Index: Makefile
===================================================================
RCS file: /home/cvs/ports/audio/libsndfile/Makefile,v
retrieving revision 1.40
diff -u -p -u -p -r1.40 Makefile
--- Makefile    16 Mar 2022 19:21:14 -0000      1.40
+++ Makefile    29 Mar 2022 03:39:26 -0000
@@ -1,14 +1,11 @@
 COMMENT=       library to handle various audio file formats
 
-VER=           1.0.31
-DISTNAME=      libsndfile-${VER}
-CATEGORIES=    audio
 GH_ACCOUNT=    libsndfile
 GH_PROJECT=    libsndfile
-GH_TAGNAME=    ${VER}
-REVISION=      1
+GH_TAGNAME=    1.1.0
+CATEGORIES=    audio
 
-HOMEPAGE=      https://github.com/libsndfile/libsndfile/
+HOMEPAGE=      https://libsndfile.github.io/libsndfile/
 
 MAINTAINER=    Jan Stary <h...@stare.cz>
 
@@ -17,7 +14,7 @@ SHARED_LIBS +=        sndfile              7.0 
 # LGPLv2.1
 PERMIT_PACKAGE=        Yes
 
-WANTLIB=       c m sndio FLAC ogg opus vorbis vorbisenc
+WANTLIB=       FLAC c m mp3lame mpg123 ogg opus sndio vorbis vorbisenc
 
 MODULES=       devel/cmake \
                lang/python
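
Review bot: SHARED_LIBS stays at sndfile 7.0 (visible in this hunk's header context) although the update adds MPEG support and WANTLIB gains mp3lame and mpg123. Nothing in the diff or the mail shows that the exported symbols of 1.0.31 and 1.1.0 were compared; if the new release adds any functions, the minor needs a bump in the same commit.
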
@@ -29,8 +26,12 @@ CONFIGURE_ARGS=      -DBUILD_SHARED_LIBS:BOOL
                -DCMAKE_DISABLE_FIND_PACKAGE_SQLite3:BOOL=True
 
 LIB_DEPENDS=   audio/flac \
+               audio/lame \
                audio/libogg \
                audio/libvorbis \
+               audio/mpg123 \
                audio/opus
+
+NO_TEST=       Yes
 
 .include <bsd.port.mk>
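
Review bot: NO_TEST= Yes is added at the end of the Makefile with no comment, and the mail does not say why the test suite is being switched off. Since the update is justified by a rollup of parser fixes, either keep the regression tests running or add a one-line comment above NO_TEST giving the reason (for example that the tests are not built or fail with the CMake configuration used here), so the next updater knows whether it can be reverted.
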
Index: distinfo
===================================================================
RCS file: /home/cvs/ports/audio/libsndfile/distinfo,v
retrieving revision 1.19
diff -u -p -u -p -r1.19 distinfo
--- distinfo    24 Apr 2021 06:17:13 -0000      1.19
+++ distinfo    29 Mar 2022 03:39:51 -0000
@@ -1,2 +1,2 @@
-SHA256 (libsndfile-1.0.31.tar.gz) = 
jN7grLBrsKPBpspSRXVkPfix86VaCJO03Z+CnQgmN4U=
-SIZE (libsndfile-1.0.31.tar.gz) = 662584
+SHA256 (libsndfile-1.1.0.tar.gz) = ZCqHa9YbY/k0ZijbpfigNWo611DH9vQgGdJs5gumoVs=
+SIZE (libsndfile-1.1.0.tar.gz) = 684409
Index: patches/patch-src_caf_c
===================================================================
RCS file: patches/patch-src_caf_c
diff -N patches/patch-src_caf_c
--- patches/patch-src_caf_c     11 Mar 2022 18:20:16 -0000      1.3
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,17 +0,0 @@
-Fix memory leak in caf_read_header().
-
-Index: src/caf.c
---- src/caf.c.orig
-+++ src/caf.c
-@@ -416,6 +416,11 @@ caf_read_header (SF_PRIVATE *psf)
-                                       return SFE_CAF_BAD_PEAK ;
-                                       } ;
- 
-+                              if (psf->peak_info)
-+                              {       psf_log_printf (psf, "*** Found 
existing peak info, using last one.\n") ;
-+                                      free (psf->peak_info) ;
-+                                      psf->peak_info = NULL ;
-+                                      } ;
-                               if ((psf->peak_info = peak_info_calloc 
(psf->sf.channels)) == NULL)
-                                       return SFE_MALLOC_FAILED ;
- 
Index: patches/patch-src_flac_c
===================================================================
RCS file: patches/patch-src_flac_c
diff -N patches/patch-src_flac_c
--- patches/patch-src_flac_c    16 Mar 2022 19:09:59 -0000      1.2
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,19 +0,0 @@
-Fix heap overflow:
-https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc
-https://github.com/libsndfile/libsndfile/issues/731
-
-Index: src/flac.c
---- src/flac.c.orig
-+++ src/flac.c
-@@ -948,7 +948,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
-       /* Decode some more. */
-       while (pflac->pos < pflac->len)
-       {       if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
-+              {       psf_log_printf (psf, 
"FLAC__stream_decoder_process_single returned false\n") ;
-+                      /* Current frame is busted, so NULL the pointer. */
-+                      pflac->frame = NULL ;
-                       break ;
-+                      } ;
-               state = FLAC__stream_decoder_get_state (pflac->fsd) ;
-               if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
-               {       psf_log_printf (psf, "FLAC__stream_decoder_get_state 
returned %s\n", FLAC__StreamDecoderStateString [state]) ;
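
Review bot: Missing confirmation that the fix carried by this deleted patch is in the 1.1.0 tag. The patch header cites commit ced91d7b971be6173b604154c39279ce90ad87cc and issue 731 and changes flac_read_loop(), while the quoted changelog only names a heap buffer overflow in flac_buffer_copy(). Please state in the commit message that the cited commit is part of 1.1.0, so it is clear the removal does not reopen the overflow.
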
Index: patches/patch-src_ima_adpcm_c
===================================================================
RCS file: patches/patch-src_ima_adpcm_c
diff -N patches/patch-src_ima_adpcm_c
--- patches/patch-src_ima_adpcm_c       11 Mar 2022 18:20:16 -0000      1.2
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,19 +0,0 @@
-Make sure that there's enough space to store decoded nibbles in when reading 
IMA ADPCM data.
-
-Index: src/ima_adpcm.c
---- src/ima_adpcm.c.orig
-+++ src/ima_adpcm.c
-@@ -182,7 +182,12 @@ ima_reader_init (SF_PRIVATE *psf, int blockalign, int 
-       if (psf->file.mode != SFM_READ)
-               return SFE_BAD_MODE_RW ;
- 
--      pimasize = sizeof (IMA_ADPCM_PRIVATE) + blockalign * psf->sf.channels + 
3 * psf->sf.channels * samplesperblock ;
-+      /*
-+      **      Allocate enough space for 1 more than a multiple of 8 samples
-+      **      to avoid having to branch when pulling apart the nibbles.
-+      */
-+      count = ((samplesperblock - 2) | 7) + 2 ;
-+      pimasize = sizeof (IMA_ADPCM_PRIVATE) + psf->sf.channels * (blockalign 
+ samplesperblock + sizeof(short) * count) ;
- 
-       if (! (pima = calloc (1, pimasize)))
-               return SFE_MALLOC_FAILED ;
Index: patches/patch-src_ms_adpcm_c
===================================================================
RCS file: patches/patch-src_ms_adpcm_c
diff -N patches/patch-src_ms_adpcm_c
--- patches/patch-src_ms_adpcm_c        16 Mar 2022 19:09:59 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,24 +0,0 @@
-CVE-2021-3246:
-https://security-tracker.debian.org/tracker/CVE-2021-3246
-https://github.com/libsndfile/libsndfile/commit/deb669ee8be55a94565f6f8a6b60890c2e7c6f32
-
-Index: src/ms_adpcm.c
---- src/ms_adpcm.c.orig
-+++ src/ms_adpcm.c
-@@ -128,8 +128,14 @@ wavlike_msadpcm_init      (SF_PRIVATE *psf, int 
blockalign,
-       if (psf->file.mode == SFM_WRITE)
-               samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / 
psf->sf.channels ;
- 
--      if (blockalign < 7 * psf->sf.channels)
--      {       psf_log_printf (psf, "*** Error blockalign (%d) should be > 
%d.\n", blockalign, 7 * psf->sf.channels) ;
-+      /* There's 7 samples per channel in the preamble of each block */
-+      if (samplesperblock < 7 * psf->sf.channels)
-+      {       psf_log_printf (psf, "*** Error samplesperblock (%d) should be 
>= %d.\n", samplesperblock, 7 * psf->sf.channels) ;
-+              return SFE_INTERNAL ;
-+              } ;
-+
-+      if (2 * blockalign < samplesperblock * psf->sf.channels)
-+      {       psf_log_printf (psf, "*** Error blockalign (%d) should be >= 
%d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ;
-               return SFE_INTERNAL ;
-               } ;
- 
Index: patches/patch-src_sndfile_c
===================================================================
RCS file: patches/patch-src_sndfile_c
diff -N patches/patch-src_sndfile_c
--- patches/patch-src_sndfile_c 11 Mar 2022 18:20:16 -0000      1.3
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,22 +0,0 @@
-Jump back to the start of guess_file_type() rather than recursing into it.
-
-Index: src/sndfile.c
---- src/sndfile.c.orig
-+++ src/sndfile.c
-@@ -2680,6 +2680,7 @@ static int
- guess_file_type (SF_PRIVATE *psf)
- {     uint32_t buffer [3], format ;
- 
-+retry:
-       if (psf_binheader_readf (psf, "b", &buffer, SIGNED_SIZEOF (buffer)) != 
SIGNED_SIZEOF (buffer))
-       {       psf->error = SFE_BAD_FILE_READ ;
-               return 0 ;
-@@ -2780,7 +2781,7 @@ guess_file_type (SF_PRIVATE *psf)
-                       || buffer [0] == MAKE_MARKER ('I', 'D', '3', 4))
-       {       psf_log_printf (psf, "Found 'ID3' marker.\n") ;
-               if (id3_skip (psf))
--                      return guess_file_type (psf) ;
-+                      goto retry ;
-               return 0 ;
-               } ;
- 
Index: patches/patch-src_svx_c
===================================================================
RCS file: patches/patch-src_svx_c
diff -N patches/patch-src_svx_c
--- patches/patch-src_svx_c     11 Mar 2022 18:20:16 -0000      1.2
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,15 +0,0 @@
-Jump forwards to the next 4 byte aligned offset rather than always jumping 
backwards by 3 bytes.
-
-Index: src/svx.c
---- src/svx.c.orig
-+++ src/svx.c
-@@ -307,7 +307,8 @@ svx_read_header    (SF_PRIVATE *psf)
-                                       if ((chunk_size = psf_ftell (psf)) & 
0x03)
-                                       {       psf_log_printf (psf, "  Unknown 
chunk marker at position %d. Resynching.\n", chunk_size - 4) ;
- 
--                                              psf_binheader_readf (psf, "j", 
-3) ;
-+                                              chunk_size = chunk_size & 3 ;
-+                                              psf_binheader_readf (psf, "j", 
4 - chunk_size) ;
-                                               break ;
-                                               } ;
-                                       psf_log_printf (psf, "*** Unknown chunk 
marker (%X) at position %D. Exiting parser.\n", marker, psf_ftell (psf) - 8) ;
Index: patches/patch-src_wavlike_c
===================================================================
RCS file: patches/patch-src_wavlike_c
diff -N patches/patch-src_wavlike_c
--- patches/patch-src_wavlike_c 16 Mar 2022 19:09:59 -0000      1.3
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,20 +0,0 @@
-CVE-2021-3246:
-https://security-tracker.debian.org/tracker/CVE-2021-3246
-https://github.com/libsndfile/libsndfile/commit/a9815b3f228df00086e0a40bcc43162fc19896a1
-
-Index: src/wavlike.c
---- src/wavlike.c.orig
-+++ src/wavlike.c
-@@ -830,7 +830,11 @@ wavlike_read_cart_chunk (SF_PRIVATE *psf, uint32_t chu
-               return 0 ;
-               } ;
- 
--      if (chunksize >= sizeof (SF_CART_INFO_16K))
-+      /*
-+      **      SF_CART_INFO_16K has an extra field 'tag_text_size' that isn't 
part
-+      **      of the chunk, so don't include it in the size check.
-+      */
-+      if (chunksize >= sizeof (SF_CART_INFO_16K) - 4)
-       {       psf_log_printf (psf, "cart : %u too big to be handled\n", 
chunksize) ;
-               psf_binheader_readf (psf, "j", chunksize) ;
-               return 0 ;
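
Review bot: The quoted changelog has no entry matching this deleted CVE-2021-3246 patch: it lists msadpcm_decode_block(), which corresponds to the ms_adpcm.c patch, but nothing about the size check in wavlike_read_cart_chunk(). Before dropping it, verify that commit a9815b3f228df00086e0a40bcc43162fc19896a1 is contained in the 1.1.0 tag, i.e. that the new src/wavlike.c compares chunksize against sizeof (SF_CART_INFO_16K) - 4, and say so in the commit message.
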
